Juniper Configuration
First, access your Juniper device via SSH or console connection. After logging in to the CLI, we will enter configuration mode. Enter configuration mode with the following command:
configure
You can set the IP address of the syslog server and the log level to send logs from the device to this server. For example, you can use the following command to send logs at the info level;
set system syslog host <Logsign USO IP> any info
any info Allows sending logs at info level and above from all modules. You can change the info level here as error, warning, debugging, etc. according to your needs.
If you want to define specific log levels or modules for specific events, for example to route only the logs at the error level in the authorization module, you can use the following command;
set system syslog host <Logsign USO IP> authorization error
As another example, you can use the security module if you only want to log security events;
set system syslog host <Logsign USO IP> security info
When sending logs to Logsign USO you need to specify facility, sample structure is below;
set system syslog host <Logsign USO IP> any info facility local7
Save the configuration and make it active.
commit
exit
Log Format Sample
<Date and Time> <Device Name> <Process>: <Severity Level> <Event Type> <Event Details>
Add Device
To make Juniper Junos integration, it will be enough to know the ip address that the product has. When you fill in and save the necessary steps from the source addition screen with Syslog(514), the integration of your product will be completed and log flow will start. Whichever facility is selected in the log routing phase should be selected when adding the source.
Just fill in the ip section, specify the facility and the name you want to give to the resource.